Joint ownership of protected information

ABSTRACT

Disclosed herein is a system and method for managing a collaborative document that is owned by two different users who belong to different organizations. The users first create a document that will be owned by both users. Both users are also granted full ownership rights in the document. The users then contribute to the document by providing information that may be confidential to their organization. The users want to ensure that they can cut off access to the confidential information if and when the relationship between the users or organizations sours. When one of the users with full ownership privileges decides to end the cooperation with the other users, that user simply revokes access to the document to the other user. As a result of the revocation all users are no longer able to see or access the entire document. In this way the confidential information of all parties is protected.

TECHNICAL FIELD

This description relates generally to management of a collaborativedocument that is owned by two owners from different organizations.

BACKGROUND

Both individuals and companies often need to share sensitive informationfor collaboration, such as reviewing documents by multiple parties,journaling confidential audio, video or text based conversations.Sometimes multiple parties create and author protected informationtogether (e.g. meetings recording) such that each party would like theability to control the access to the content based on the trust betweenthem, so if one party mistrusts the others, that party can ensure thattheir protected information is no longer accessible to the otherparties.

SUMMARY

The following presents a simplified summary of the disclosure in orderto provide a basic understanding to the reader. This summary is not anextensive overview of the disclosure and it does not identifykey/critical elements of the invention or delineate the scope of theinvention. Its sole purpose is to present some concepts disclosed hereinin a simplified form as a prelude to the more detailed description thatis presented later.

The present example provides a system and method for managing acollaborative document that is owned by two different users who belongto different organizations. The users first create a document that willbe owned by both users. Both users are also granted full ownershiprights in the document. The users then contribute to the document byproviding information that may be confidential to their organization.Due to the information being shared the users want to ensure that theycan cut off access to this information if and when the relationshipbetween the users or organizations sours. The access to the document iscontrolled by both users. They may add additional users to the access ofthe document who may be given access privileges to the document or maybe given full ownership privileges. When one of the users with fullownership privileges decides to end the cooperation with the otherusers, that user simply revokes access to the document to the otheruser. As a result of the revocation all users are no longer able to seeor access the entire document. In this way the confidential informationof all parties is protected.

Many of the attendant features will be more readily appreciated as thesame becomes better understood by reference to the following detaileddescription considered in connection with the accompanying drawings.

DESCRIPTION OF THE DRAWINGS

The present description will be better understood from the followingdetailed description read in light of the accompanying drawings,wherein:

FIG. 1 is a block diagram illustrating a collaborative workingenvironment where collaborative documents can be created by individualsor organizations that contain confidential or proprietary informationfrom one or more of the organizations according to one illustrativeembodiment.

FIG. 2 is flow diagram illustrating a process for implementing the jointcollaborative document system according to one illustrative embodiment.

FIG. 3 is a flow diagram illustrating the process for regranting accessto the collaborative document according to one illustrative embodiment.

FIG. 4 illustrates a component diagram of a computing device accordingto one embodiment.

Like reference numerals are used to designate like parts in theaccompanying drawings.

DETAILED DESCRIPTION

The detailed description provided below in connection with the appendeddrawings is intended as a description of the present examples and is notintended to represent the only forms in which the present example may beconstructed or utilized. The description sets forth the functions of theexample and the sequence of steps for constructing and operating theexample. However, the same or equivalent functions and sequences may beaccomplished by different examples.

When elements are referred to as being “connected” or “coupled,” theelements can be directly connected or coupled together or one or moreintervening elements may also be present. In contrast, when elements arereferred to as being “directly connected” or “directly coupled,” thereare no intervening elements present.

The subject matter may be embodied as devices, systems, methods, and/orcomputer program products. Accordingly, some or all of the subjectmatter may be embodied in hardware and/or in software (includingfirmware, resident software, micro-code, state machines, gate arrays,etc.) Furthermore, the subject matter may take the form of a computerprogram product on a computer-usable or computer-readable storage mediumhaving computer-usable or computer-readable program code embodied in themedium for use by or in connection with an instruction execution system.In the context of this document, a computer-usable or computer-readablemedium may be any medium that can contain, store, communicate,propagate, or transport the program for use by or in connection with theinstruction execution system, apparatus, or device.

The computer-usable or computer-readable medium may be for example, butnot limited to, an electronic, magnetic, optical, electromagnetic,infrared, or semiconductor system, apparatus, device, or propagationmedium. By way of example, and not limitation, computer-readable mediamay comprise computer storage media and communication media.

Computer storage media includes volatile and nonvolatile, removable andnon-removable media implemented in any method or technology for storageof information such as computer-readable instructions, data structures,program modules, or other data. Computer storage media includes, but isnot limited to, RAM, ROM, EEPROM, flash memory or other memorytechnology, CD-ROM, digital versatile disks (DVD) or other opticalstorage, magnetic cassettes, magnetic tape, magnetic disk storage orother magnetic storage devices, or any other medium which can be used tostore the desired information and may be accessed by an instructionexecution system. Note that the computer-usable or computer-readablemedium can be paper or other suitable medium upon which the program isprinted, as the program can be electronically captured via, forinstance, optical scanning of the paper or other suitable medium, thencompiled, interpreted, of otherwise processed in a suitable manner, ifnecessary, and then stored in a computer memory.

Communication media typically embodies computer-readable instructions,data structures, program modules or other data in a modulated datasignal such as a carrier wave or other transport mechanism and includesany information delivery media. This is distinct from computer storagemedia. The term “modulated data signal” can be defined as a signal thathas one or more of its characteristics set or changed in such a manneras to encode information in the signal. By way of example, and notlimitation, communication media includes wired media such as a wirednetwork or direct-wired connection, and wireless media such as acoustic,RF, infrared and other wireless media. Combinations of any of theabove-mentioned should also be included within the scope ofcomputer-readable media, but not computer readable storage medium.

When the subject matter is embodied in the general context ofcomputer-executable instructions, the embodiment may comprise programmodules, executed by one or more systems, computers, or other devices.Generally, program modules include routines, programs, objects,components, data structures, and the like, that perform particular tasksor implement particular abstract data types. Typically, thefunctionality of the program modules may be combined or distributed asdesired in various embodiments.

With the advent of online collaborative working environments and virtualdata rooms such as Office365 and Google Docs the ability to work withother people around the world has dramatically increased. The ease andefficiency in which individuals can collaborate in real time has furtherenabled the likelihood that individuals from different organizationswill have a chance to work together in a collaborative environment.These individuals from different organizations can often be working insuch a manner as to where they will be share confidential or otherproprietary information during the creation of a collaborative document.Some situations where this can often come up in are joint development ofproducts, contract negotiations between parties, mergers andacquisitions, joint legal defenses, product purchases, consultingagreements, etc. Typically the organizations have put in placeagreements that define how each other will treat the other'sconfidential or proprietary information. These agreements often statewhat the other party can or cannot do with the information that isshared from one party to the other. Many times these agreements alsostate what the parties must do with the other party's the informationonce the agreement is terminated, expires or the parties decide not tocontinue working together. One of the biggest concerns in these types ofagreements or situations is ensuring that the other party actuallycomplies with the terms of the agreement.

The following provides a simplified scenario in which the presentdiscussion is based around. Contoso, Fabricam and Adatum companies wouldlike to establish a partnership for a marketing campaign. They set anonline meeting, expose and share sensitive sales information. Theyrecord the meeting using a software product and save it to a protectedvideo file with a joint-ownership mode. After several days while theycould access the protected video file in furtherance of the campaign,Contoso discovers that Fabricam and Adatum had plotted to cause themsevere losses. Contoso decides to break the partnership and revokes theaccess for the video file from all three parties. As a result neitherContoso, nor Fabricam nor Adatum is able access the protected videofile. This approach protects all of the companies' confidential andproprietary information that has been shared.

FIG. 1 is a block diagram illustrating a collaborative workingenvironment where collaborative documents can be created by individualsor organizations that contain confidential or proprietary informationfrom one or more of the organizations. The collaborative document system100 of FIG. 1, according to one illustrative embodiment, includes acollaborative working portal 120, an access control component 130, adocument store 140, a user 150 and a user 160.

User 150 is, for example, a user who is working on a collaborativedocument with user 160 from a different organization. User 150 mayinteract with the collaborative working portal through a network 101,such as the internet or other network, and a network connection such asnetwork connection 151. Network connection 151 can be any type ofnetwork connection that is available to the user 150 to connect with thecollaborative working portal. User 150 is a member of organization 155that is providing confidential or proprietary information to thecollaborative document 125. Similarly, user 160 is, for example, a userwho is working on a collaborative document with user 150 from thedifferent organization 156. User 160 may interact with the collaborativeworking portal through a network connection such as network connection161. Network connection 161 can be any type of network connection thatis available to the user 160 to connect with the collaborative workingportal. User 160 is a member of organization 165 that is providingconfidential or proprietary information of organization 165 to thecollaborative document.

The user 150 interacts with the collaborative working portal 120 throughthe network connection 151 to access the collaborative document 125. Inthe same way user 160 can interact with the collaborative working portal120 though the network connection 161 to access the collaborativedocument 125.

In some embodiments the user 150 is able to work on the collaborativedocument 125 in real time with the user 160. The users 150 and 160 arein some embodiments able to work on the collaborative document atdifferent times as well. In yet other embodiments only one of the users150 or 160 is able to work on the document at once. This scenario occurstypically in collaborative working portals where the document is checkedout by one user 150, 160 and as a result is locked from editing by theother user. In some scenarios the user who is locked out from editingthe document may still be able to view the document. In some of thesescenarios the user who is locked out of the document may be able to seethe changes that are made to the document in real-time. In somescenarios the user who is locked out can make changes to the document,but these changes are not reflected in the version of the document thatis displayed to the user who is currently able to edit the document. Thechanges that the locked out user makes to the document in this scenariocan be incorporated into the original document once the editing userchecks the document back into the system and allows for others to editthe document 125. To avoid unnecessary changes or conflicting changes tothe document, the user may be presented with the changes in a mannerthat the locked out user can see how their changes affect the editeddocument. These changes can be presented to the user in this scenariothrough the use of redline format. The locked out user can thendetermine which of the changes they wish to incorporate into thedocument 125.

Organizations 155 and 165 are different organizations that are workingtogether with each other on the creation of a collaborative document.These organizations 155, 165 are in one embodiment organizations thattypically compete with one another in various arenas. However, for somereason these organizations have decided to collaborate on the creationof at least one document that will include or may include confidentialor proprietary information related to at least one of the organizations155, 165. While FIG. 1 illustrates only two users and two organizationsthe present disclosure can be implemented with any number of differentorganizations as well as any number of users from within theorganizations. Also, while the present discussion centers around theorganizations being different organizations, the organizations 155 and165 can be the same organization where information is siloed or nottypically shared among divisions of the same organization. This couldoccur in situations such as the military, the government or law firms,where different parts have access to different knowledge and may notneed to share out this knowledge with each other on a regular basis.

The collaborative working portal 120 is in one embodiment a cloud basedservice that permits users to access documents, such as collaborativedocument 125, to create and edit the documents, such as Microsoft'sOffice365 of Google's Google Docs. However, the collaborative workingportal 120 can be any portal that permits users to remotely accessdocuments and edit them in a collaborative manner. This can also includesystems that are not cloud based where users check out documents andcheck the document back in when they are done making the edits. In oneexemplary scenario, the collaborative document 125 is hosted by one ofthe organizations 155, 165 and access is granted to the otherorganization through a Virtual Private Network (VPN) or other means.

The collaborative working portal 120 typically hosts a number ofdifferent applications 121 or application interfaces that permit theusers to access the collaborative documents 125 and edit the document.In some embodiments the applications permit both users 150 and 160 toedit the documents at the same time and see the changes each author ismaking in real time. These applications 121 can sometimes even allow oneuser see where in the document the other user currently has a cursor oris otherwise viewing. In this way the collaborative working portal 120allows the users 150 and 160 to effectively collaborate with each other.Applications 121 can be any type of application. For example,applications 121 can include a word processing application, aspreadsheet application, a database application, a presentationapplication, an email application, a drawing application, an instantmessaging application, a video conference application, a recordingapplication, etc.

Collaborative document 125 is any document that users can collaborate onin the creation of the document. Collaborative document 125 can includea word processing document, a spreadsheet document, a presentationdocument, an email, a drawing document, a website, an instant messageportal, a video recording, or any other type of document or creativecontent that can be collaborated on. Further, the collaborative document125 can be a combination of multiple different documents or differenttypes of documents. As the collaborative documents 125 includeconfidential or proprietary information from at least one of theorganizations 155 or 165 additional access controls are placed on thedocument 125 to help ensure that the information contained in thecollaborative document is not shared beyond the intended community ofusers. However, because the collaborative document 125 is a jointdocument between two different organizations the management of theaccess control and the effects of changing the access control aresignificantly different from that of normal access controlled documents.This access control can even extend to capture histories ofconversations where the document only exists on one user's machine, suchas a chat history.

Access control component 130 is a component of the system 100 thatcontrols access to the collaborative document 125. The access controlcomponent 130 takes each document that is identified as a jointownership document and adds a set of permissions 135 to the document.This set of permissions 135 determines who may access the document andwhat these individuals can do with the document. Some of the permissionscan include permission to edit the document, view the document, printthe document, share the document or download the document. However,other types of permissions may be added to a document. These permissionscan be expressed through an access control list or other approach. Theaccess control component 130 also identifies what organization each userbelongs to. In this way the access control component 130 can associatecontent with individuals and organizations. The access control component130 can be implemented using any system for regulating and controllingaccess to resources that permits users to be given various levels ofaccess, privileges and control to resources or content, such as ActiveDirectory, Microsoft RMS, WatchDox, and Intralinks.

The access control component 130 may receive instructions from one orboth of users 155 or 165 regarding the management of the jointcollaborative document 125. These instructions may be the addition ofadditional users who may access the document 125, may be changes in theprivileges of various uses of the documents 125, it could be therevocation of access to the document for certain users currently havingaccess to the document, or any other type of change in the permissionsof the users. In some embodiments the users 155 and 165 areadministrators for their respective organizations who have the abilityto manage the users in their respective organizations access to thejoint collaborative document. However, in some scenarios other users maybe designated administrators such that access can be controlled even inone of the original users somehow becomes unavailable. This allows eachorganization to manage the document internally according to their ownpolicies without concern for the policies of the other organization.

The access control component 130 performs an important function on thecollaborative document 125 when one or more of the organizations 155,165 decides to remove access to the document to an individual or theother organization. As the document 125 contains confidentialinformation related to both organizations 155, 165 the management of theremoval of permission to access the collaborative document 125 is moretroublesome. In traditional access management when a person has theirpermission changed so they can no longer access the document only thatperson is impacted by the change in the access policy. In the presentsystem when a user or organization is denied access a number ofdifferent processes can occur depending on the set up of the permissionsand the joint collaborative document.

If the revocation of the access is made by one organization 155 asagainst the other organization 165 one of several possible actions orresponses can occur. First when the revocation occurs the revocation cancause all members of both organizations to no longer have access to thejoint collaborative document. In this way the confidential orproprietary information contained in the document can be fullyprotected. This can occur when it is difficult or impossible todetermine which party contributed the information to the document 125 orbased on the initial settings. The revocation by the one organizationindicates that the work being done is no longer going forward and theaccess to both of their confidential information by the other party isno longer authorized. In an alternative approach, the application 121 orthe access control component 130 tracks the changes and/or contributionsmade by each of the organizations and/or users and associates thatinformation with that user. These changes in the document are thentagged with metadata or other mechanisms as being the contributions fromthat particular organization or user who made the specific changes. Whenthe revocation occurs, the access control component 130 modifies thepermissions on the document such that changes and/or contributions madeby the other party (i.e. the party that had permissions revoked) areredacted from the document when the revoking party views the document.In this way the revoking party still has access to the content that theyprovided without having access to the portions provided by the otherparty. Conversely, the other party will have access to the document aswell, but with the revoking party's contributions redacted. In someembodiments each party may have to identify positively the portions ofthe document that contains that party's confidential or proprietaryinformation. In other embodiments one party may still see theircontribution while the other party cannot see the contents of thedocument. Information related to the individual who changed thepermissions to the document may be tracked and stored for later review.

When the permissions are changed by one user or organization the accesscontrol component 130 can send a message to the user or organizationthat had its privileges revoked. In this way the other organization isinformed of the revocation and can take necessary actions as well. Evenonce the revocation of privileges has occurred the party that had theirprivileges revoked still has access to the management of the document125 even if they cannot access the contents of the document 125. In thisway the revoked party can still control who has access to the document.The revoked party can in turn revoke the privileges of any other partywho had or has access to the document. This approach ensures that inscenarios where access can regranted following revocation the revokingparty cannot simply reinstate privileges without the other partyagreeing on this as well.

Documents 125 that have had access privileges revoked can continue toexist and remain on the collaborative working portal 120. The documentsmay continue to reside on the document store 140 and the organizationsmay continue to see the documents as being there, but that thepermissions have been revoked. In some embodiments, either party may goback into the document and change the permissions to the document 125.For example, the organizations may have had a falling out and now wishto reinstate the relationship with each other. Either party can go backinto the permissions and change the permissions that they control toallow the other party access to the document 125. The access controlcomponent 130 may send a message to the other organization indicatingthat permission has been granted and verifying if the other organizationwishes to allow access as well. If both parties agree to allowing accessagain the document will become available to both parties again.

The document store 140 is a storage system or location that is part ofthe collaborative working portal 120. The document store 140 stores allor at least a portions of the documents that have been created on thecollaborative working portal 120 by all of the users of the system 100.Documents that are stored in the document store 140 are identified withthe respective users who can access or create the documents. In someembodiments the documents in the document store 140 are encoded orencrypted with a content key. This content key is composed of a key thatis a combination of the associated tenant keys for each of theorganizations. In this way the document store 140 can help ensure thatdocuments are only accessible by the correct or intended users. In someconfigurations the document store will allow users to see documents thatthey previously had access to but no longer have access to. Whenpresenting the documents 125 to the user 150, 160 in a user interfacethe document store 140 can illustrate the non-accessible documents in amanner that differentiates the document from documents that the user hasaccess to, such as for example, using a different shading for documentswith which the user has access to as against those they do not haveaccess to, using a different icon to show the different levels of accessto the documents, etc. As the documents 125 are typically encrypted thedocument store 140 may only allow access to the document 125 if arevoking owners list for the document is empty. The user may see thedocument but the key to unlock the document may only be returned by theaccess control component 130 if the revoking owners list for thedocument is empty.

In some configurations the document store 140 may be instructed by theaccess control component 130 to allow a collaborative document 125 to bedownloaded or accessed offline, that is accessible without having anactive connection to the collaborative working portal 120. In theseinstances the document store 140 can place a timer on the collaborativedocument such that when the document is downloaded access will only begranted to the document for a period of time prior to the document beinglocked down. This period of time can be adjusted by the users and mayrange from a few minutes to a few hours or even a couple of days. Theuser who downloads the document 125 will have to reconnect to thecollaborative working portal prior to the timeout to continue to haveaccess to the document. In this way the users 150 and 160 can access thedocuments offline, yet the joint ownership of the document and theenforcement of the access can be controlled. If the user fails toreconnect into the portal 120 within the time period the document 125will be locked down from access. In some embodiments the document may bedeleted or otherwise “self-destruct” on the user's local device. Thisinformation may be stored in the set of permissions 135.

FIG. 2 is flow diagram illustrating a process for implementing the jointcollaborative document system 100 of FIG. 1. The process for creating ajoint collaborative document begins when either user 155 or 165 createsthe document and identifies the document as a joint document. This isillustrated at step 210. At this step the user may create the document125 through one of the applications on the collaborative working portal120. If done this way the user may identify the document as a jointdocument by indicating in the properties that the document is a jointdocument. When indicated as a joint document the access controlcomponent 130 may tag the document as a joint document. The accesscontrol component 130 may then prompt the user through the applicationto provide information as to how the document 125 shall be handled as ajoint document. This may include prompting the user to provide adesignation as to what happens when privileges are revoked to thedocument, such as locking all parties out of the document, or lockingout only a portion of the document. If only a portion of the document isto be locked out upon revocation of the privileges the user may bepresented with options on how the document is to be partially lockedout. The user may select that contributions from the other party will beredacted from the document, or the user may activate a feature wherebyeach user can indicate what portions of the document are confidentialmaterial that is to be redacted out of the document. Once user 150completes the process their selections are added to the properties forthe document 125.

Once the document has been created and designated as a jointcollaborative document 125, the creating user designates a user in thecorresponding organization as an administrator or owner for thedocument. This is illustrated at step 220. The user 160 in the otherorganization 165 can receive a notice that a joint collaborativedocument has been created and that the user 160 has been designated asan administrator for organization 165 on the joint collaborativedocument 125. This notice can be for example via the portal 120 orthrough an email message to the user 160. The user 160 then is able toaccess the document 125 and is first presented with an interface similarto the interface that was presented to user 150 at step 210 during thecreation of the rules for the joint collaborative document 125. User 160then proceeds to determine how they wish the confidential information tobe handled. The user's 160 selections are then added to the document'sproperties. In some embodiments the user 160 can access the document 125immediately upon receiving notice of the creation of the document 125.In this scenario the user can perform step 220 at a later time. Itshould also be noted that users 150 and 160 can return to thepermissions portions at any time to modify the permissions to thedocument 125 to change how the confidential information is handled or toadd or delete additional users or organizations to the document.

Steps 210 and 220 can be repeated as many times as is necessary to addthe appropriate users and organizations that will be collaborating onthe document 125. In some embodiments the original user 150 who createdthe document controls who can be added as additional users andorganizations that will have access to the documents. In otherembodiments any of the authorized users 150 and 160 can add additionalusers. In some embodiments the addition of users beyond the initial twoorganizations requires the agreement of all of the organizations thatcurrently have access to the document.

Once the permissions for the document have been entered by the users 150and/or 160 the access control component 130 proceeds to apply theselected rules and permissions to the document. This is illustrated atstep 230. The access control component 130 can compare the permissionsand rules selected by each user and determine which rule to apply to thedocument. The access control component 130 looks at each of the rulesand determines if the rules are the same or if they are different. Ifthe rules are the same from both users then the access control componentselects that rule as the rule that applies to the document 125. If therules are not the same the access control component 130 determines whichrule is the most restrictive rule. For example, if user 150 wished touse the redaction rule by redacting out the portion of the document 125that was designated as confidential and user 160 wanted to revoke accesscompletely, the access control component would determine that user 160'srule was more restrictive and therefore that rule would be applied tothe document over the rule desired by user 150. Alternatively, theaccess control component 130 can apply user 150's rule to user 160 andvice versa. This would allow upon revocation that user 150 could not seeany of the documents but user 160 could see the part of the documentthat was not redacted by user 150.

Once the rules and permissions for the document 125 have beenestablished at step 230 the users 150 and 160 are able to collaborate onthe document 125 by sharing the information that they desire through theapplication on the collaborative work portal 120. This is illustrated atstep 240. The users 150 and 160 edit and/or create content in thedocument as they would in any other normal document that they use.Depending on the various rules that are applied to the document theusers 150 and 160 may have the option of designating portions of thedocument as being confidential. In this approach the user would simplyhighlight or otherwise indicate the portions of the document 125 thatthey deem to be confidential and that indication would be stored withthe document 125. If the other user were to edit in this space withinformation that is their own and designate it confidential as well totheir organization the access control component 130 could identify it asbeing both confidential to both parties. In some embodiments ifinformation that is labeled confidential by one user 150 is re-enteredby the other user 160 elsewhere in the document the access controlcomponent 130 could identify this information as belonging to user 150and label it as confidential to user 150. This could be achieved by, forexample, using word matching or applying machine learning on the naturallanguage to identify that the same concept has been restated. In thisway the ability to circumvent some of the features can be minimized. Insome embodiments the users 150 and 160 do not need to designate theinformation as confidential, the access control component 130 tracks theinput of each user in the application and automatically labels it asconfidential. The revised version of the document is saved to thedocument storage 140 on a periodic basis either automatically by thecorresponding application or on the command of one of the users 150,160. Stored with the document 125 is the associated metadata thatdescribes how the document is to be protected and the rights associatedwith the document.

The users 150 and 160 continue at step 240 until such time as one of theusers 150 or 160 or one of the organizations 155 or 165 decides that thecollaboration with the other organization or users is to be terminated.At this point one of the users who has the authority to change thepermissions and is associated with the organization that desires toterminate the joint collaboration access a control panel or otherinterface associated with the permissions and access control of thedocument 125. The user then indicates through the interface that thejoint ownership status of the document 125 has been terminated. This isillustrated at step 250. It should be noted that any method or approachfor indicating that the access to the document is to be changed may beused. In situations where there are more than two organizationscollaborating (or two individuals) the user terminating thecollaboration may terminate the collaboration with any number of theorganizations or individuals. In some scenarios it is possible to trackand see which individual revoked access to the document. This can beuseful in situations where an employee is acting in a manner that is notconsistent with the organization's interests or merely as an audit trailto know how the document has been handled. This can be expressed througha revoking owners list.

Once the revocation has been input the access control component 130begins the process of changing the permissions to the document 125 todeny access by the other organization to at least a portion of thedocument 125 according to the received instructions. This is illustratedat step 260. Depending on the original set up of the joint collaborationthe access control component 130 will modify the permissions to thedocument differently. In one embodiment, the revocation of the access tothe document will cause both users 150 and 160 and organizations 155 and165 to lose access to the entire document. In another embodiment eachuser will lose access to the contributions of the other users. (e.g.user 150 will not see contributions from user 160 and vice versa). Inyet another embodiment each user 150, 160 will only loose access to theportions of the document 125 that were identified as confidential by theother user. In some embodiments where the users wished to have differentrestrictions placed on the document the access control component 130will apply the desired restrictions and actions on the document suchthat the other user can only access the portions of the document weredefined as being accessible upon revocation of access.

In some embodiments the act of revocation causes a message or otherindication to be sent to the non-revoking organization. For example, ifuser 150 revoked access to organization 165, then user 160 would receivea notice that access has been revoked to the document. User 165 wouldthen be given the opportunity to revoke access as well. This isillustrated at step 265. In this way both parties can revoke the accessand prevent the regaining of access without the other parties knowledgeor consent. This also ensures that the confidential or proprietaryinformation remains protected.

Upon the revocation of the access to the document 125, the document 125disappears from the list of available documents. This is illustrated atstep 270. Document 125 can disappear any number of ways. In oneembodiment the document is not visible in a list of documents that theuser 150, 160 has access to. In another embodiment the revoked documentis displayed in a greyed out manner to indicate to the user that accessto the document has been revoked. In yet another embodiment the document125 may be moved to another location with other documents that the user150 or 160 no longer has access to. Of course other indications of thelack of access can be used as well.

In some embodiments the revocation of the access to the document isirrevocable. In this scenario, once the access has been terminated thereis no ability to recover the document. However, in other embodiments therevocation is reversible. In these instances, the user wishing toregrant access to the document 125 identifies the document 125 andaccess the permissions list and regrants the access to the document. Theregranting process is similar to the above only that the individuals ororganizations that previously had access may be listed on the display ashaving had access revoked. However, a more detailed description of theregranting process is illustrated below with respect to FIG. 3.

FIG. 3 is a flow diagram illustrating the process for regranting accessto the collaborative document 125 according to one illustrativeembodiment. The process begins when one of the users 150 or 160 revokesaccess to the collaborative document. The process of revoking the accessto the document can occur as discussed above with respect to FIG. 1 andFIG. 2. This is illustrated at step 310.

Next, the user who revoked the access to the document 125 is added tothe revoking owners list. This is illustrated at step 320. The revokingowners list is a list of each of the users who has revoked access to thedocument. Depending on the configuration of the access control list therevocation levels may also be noted in the revoked owners list. Therevoking owners list also may include an association to the organizationassociated with the revoking user. Access to the collaborative document125 is then restricted by the system 100 such that all of the users arenot able to see or access at least a portion of the collaborativedocument 125. This is illustrated at step 330.

At some time later one of the revoking users decides that they wish tocontinue working with the other users on the collaborative document. Therevoking user then provides instructions to the access control component130 that they wish to regrant access to the revoked user. This isillustrated at step 335. Next the user regranting access is removed fromthe revoking owners list. This process does not remove other users fromthe revoking owners list. However, in some embodiments an administratormay be able to remove from the revoking owners list all users associatedwith that administrator's organization that appear in the revokingowners list. This is illustrated at step 340

The access control component 130 then determines if the revoking ownerslist is empty. If the revoking owners list is empty then unrestrictedaccess to the document 125 is regranted to all of the users. This isillustrated at step 350. If the revoking owners list is not empty theaccess control component 130 does not regrant unrestricted access to thedocument 125. In some embodiments the access control component willnotify the others users in the revoking owners list that one of therevoking owners has decided to regrant access to the document. Theseother users can then go in and remove their entries from the list aswell if they desire to regrant access to the document. These users wouldsimply repeat steps 340 and 350 to regrant access as well.

FIG. 4 illustrates a component diagram of a computing device accordingto one embodiment. The computing device 400 can be utilized to implementone or more computing devices, computer processes, or software modulesdescribed herein. In one example, the computing device 400 can beutilized to process calculations, execute instructions, receive andtransmit digital signals. In another example, the computing device 400can be utilized to process calculations, execute instructions, receiveand transmit digital signals, receive and transmit search queries, andhypertext, compile computer code, as required by the system of thepresent embodiments. Further, computing device 400 can be a distributedcomputing device where components of computing device 400 are located ondifferent computing devices that are connected to each other throughnetwork or other forms of connections. Additionally, computing device400 can be a cloud based computing device.

The computing device 400 can be any general or special purpose computernow known or to become known capable of performing the steps and/orperforming the functions described herein, either in software, hardware,firmware, or a combination thereof.

In its most basic configuration, computing device 400 typically includesat least one central processing unit (CPU) 402 and memory 404. Dependingon the exact configuration and type of computing device, memory 404 maybe volatile (such as RAM), non-volatile (such as ROM, flash memory,etc.) or some combination of the two. Additionally, computing device 400may also have additional features/functionality. For example, computingdevice 400 may include multiple CPU's. The described methods may beexecuted in any manner by any processing unit in computing device 400.For example, the described process may be executed by both multipleCPU's in parallel.

Computing device 400 may also include additional storage (removableand/or non-removable) including, but not limited to, magnetic or opticaldisks or tape. Such additional storage is illustrated in FIG. 5 bystorage 406. Computer storage media includes volatile and nonvolatile,removable and non-removable media implemented in any method ortechnology for storage of information such as computer readableinstructions, data structures, program modules or other data. Memory 404and storage 406 are all examples of computer storage media. Computerstorage media includes, but is not limited to, RAM, ROM, EEPROM, flashmemory or other memory technology, CD-ROM, digital versatile disks (DVD)or other optical storage, magnetic cassettes, magnetic tape, magneticdisk storage or other magnetic storage devices, or any other mediumwhich can be used to store the desired information and which canaccessed by computing device 400. Any such computer storage media may bepart of computing device 400.

Computing device 400 may also contain communications device(s) 412 thatallow the device to communicate with other devices. Communicationsdevice(s) 412 is an example of communication media. Communication mediatypically embodies computer readable instructions, data structures,program modules or other data in a modulated data signal such as acarrier wave or other transport mechanism and includes any informationdelivery media. The term “modulated data signal” means a signal that hasone or more of its characteristics set or changed in such a manner as toencode information in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared and other wireless media. The term computer-readable media asused herein includes both computer storage media and communicationmedia. The described methods may be encoded in any computer-readablemedia in any form, such as data, computer-executable instructions, andthe like.

Computing device 400 may also have input device(s) 410 such as keyboard,mouse, pen, voice input device, touch input device, etc. Outputdevice(s) 408 such as a display, speakers, printer, etc. may also beincluded. All these devices are well known in the art and need not bediscussed at length.

Those skilled in the art will realize that storage devices utilized tostore program instructions can be distributed across a network. Forexample a remote computer may store an example of the process describedas software. A local or terminal computer may access the remote computerand download a part or all of the software to run the program.Alternatively the local computer may download pieces of the software asneeded, or distributively process by executing some softwareinstructions at the local terminal and some at the remote computer (orcomputer network). Those skilled in the art will also realize that byutilizing conventional techniques known to those skilled in the art thatall, or a portion of the software instructions may be carried out by adedicated circuit, such as a DSP, programmable logic array, or the like.

1. A method for creating and managing joint ownership of a document,comprising: creating a document on a computing device; indicating thatthe document is owned by at least a first user from a first organizationand at least a second user from a second organization; and accessing thedocument by the first user and the second user where the first user andthe second user can access the entire document; wherein the precedingsteps are executed by at least one processor.
 2. The method of claim 1wherein creating a document on a computing device, creates the documenton a collaborative working portal.
 3. The method of claim 1 whereinindicating further comprises: designating a first administrator for thedocument in the first organization and a second administrator for thedocument in the second organization.
 4. The method of claim 3 whereinthe first administrator and the second administrator can revoke accessto the document from any user currently having access to the document.5. The method of claim 1 further comprising: editing the document byeither the first user or the second user.
 6. The method of claim 1further comprising: designating at least a portion of the document ascontaining proprietary information.
 7. The method of claim 1 furthercomprising: revoking access to the document to the first user from thefirst organization by the second user, wherein revoking access resultsin all users being denied access to at least a portion of the document.8. The method of claim 7 wherein the portion comprises the entiredocument.
 9. The method of claim 7 further comprising: displaying thedocument following revocation of access to the first user and the seconduser in a redacted format, wherein the redacted format redactsproprietary information of the first user from the document whendisplayed to the second user and redacts proprietary information of thesecond user from the document when displayed to the first user.
 10. Themethod of claim 7 further comprising: alerting the first user that thesecond user has revoked access to the document; and permitting the firstuser to revoke access to the document from the second user.
 11. Themethod of claim 1 further comprising: adding a third user from a thirdorganization as an owner of the document, wherein the third user hasequal ability to revoke access to the document from the first user andthe second user.
 12. A system comprising: a first user associated with afirst organization; a second user associated with a second organization;a collaborative working portal configured to allow the first user and asecond user to access a collaborative document; and an access controlcomponent configured to control access to the collaborative documentbased on a set of permissions placed on access to the collaborativedocument by either of the first user or of the second user.
 13. Thesystem of claim 12 wherein the collaborative working portal furthercomprises at least one application configured to permit the first userand the second user to modify the collaborative document.
 14. The systemof claim 12 wherein the set of permissions may be modified by the firstuser and the second user.
 15. The system of claim 14 wherein themodification of the set of permissions is a revocation of access for thefirst user to the collaborative document by the second user.
 16. Thesystem of claim 15 wherein the access control component is furtherconfigured to deny both the first user and the second user access to thecollaborative document when the second user revokes the access to thecollaborative document for the first user.
 17. The system of claim 15wherein the access control component is further configured to redact thecollaborative document in response to the revocation of access to thecollaborative document by the second user.
 18. The system of claim 14wherein the access control component is further configured to notify thefirst user of changes to the set of permissions made by the second userand notify the second user of changes to the set of permissions made bythe first user.
 19. The system of claim 12 wherein the access controlcomponent is further configured to permit the first user or the seconduser to download the collaborative document and wherein the set ofpermissions require that access to the collaborative document is onlyavailable for a predetermined period of time.
 20. A computer readablestorage medium having computer executable instructions that whenexecuted cause a computer to perform the steps of: identify acollaborative document in a collaborative working portal that is subjectto joint ownership by a first user from a first organization and asecond user from a second different organization; determine that thesecond user has revoked access to the collaborative document for thefirst user; add the second user to the revoking owners list; blockaccess to at least a portion of contents of the collaborative documentto both the first user and the second user; receive instructions fromthe second user to restore access to the collaborative document for thefirst user; remove the second user from the revoking owners list; andallow access to the collaborative document to all users when therevoking owners list is empty.